When your server shuts down (halts), reboots, or enters runlevel 1, your iptables configuration is automatically wiped and reset. Packages such as iptables-persistent supposedly help with this problem, but unless you save your rules manually, they are never saved automatically when the system reboots.

I wanted my iptables rules to truly persist, so I decided to change their package to always save the iptables rules automatically when the system reboots, halts, or enters runlevel 1. The rules are then restored when the system boots to runlevels 2-5. This means that your iptables configuration will persist forever. This may not be desired, but if I ban an IP address permanently, I always want it to be banned.
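The save-on-shutdown, restore-on-boot behaviour described above, as an added example (not the modified iptables-persistent package's own code). It assumes the IPv4 rules file lives at /etc/iptables/rules.v4, and the function names (save_rules, restore_rules, persist_main) and the IPT_SAVE / IPT_RESTORE overrides are hypothetical; the dump is validated before it replaces the saved file, so a failed save cannot overwrite a good ruleset.

```shell
#!/bin/sh
# Added illustration: save iptables rules on shutdown, restore them on boot.
# Assumption: IPv4 rules are kept in /etc/iptables/rules.v4; override RULES_FILE if not.
RULES_FILE="${RULES_FILE:-/etc/iptables/rules.v4}"
# Hypothetical overrides so the logic can be exercised without root.
IPT_SAVE="${IPT_SAVE:-iptables-save}"
IPT_RESTORE="${IPT_RESTORE:-iptables-restore}"

# save_rules: dump the live ruleset, validate it, then replace the file atomically.
# On any failure the previous rules file is left untouched.
save_rules() {
    tmp="$(mktemp "${RULES_FILE}.XXXXXX")" || return 1
    chmod 600 "$tmp"
    # An empty or unparsable dump must never overwrite a good ruleset.
    if $IPT_SAVE > "$tmp" && [ -s "$tmp" ] && $IPT_RESTORE --test < "$tmp"; then
        mv -f "$tmp" "$RULES_FILE"   # rename is atomic on the same filesystem
    else
        rm -f "$tmp"
        return 1
    fi
}

# restore_rules: load the saved ruleset, but only if it exists and parses.
restore_rules() {
    [ -s "$RULES_FILE" ] || return 1
    $IPT_RESTORE --test < "$RULES_FILE" || return 1
    $IPT_RESTORE < "$RULES_FILE"
}

# Dispatch like an init script: "stop" covers halt, reboot and runlevel 1;
# "start" covers boot into runlevels 2-5.
persist_main() {
    case "$1" in
        stop|save)     save_rules ;;
        start|restore) restore_rules ;;
        *) echo "usage: $0 {start|stop}" >&2; return 2 ;;
    esac
}

# Run only when invoked with an argument, so the file can also be sourced.
[ $# -eq 0 ] || persist_main "$@"
```

Because every shutdown writes the live ruleset back to disk, temporary or mistaken rules persist as well; review the saved file after making experimental changes.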

If you'd like to use this modified version of iptables-persistent so that your rules are automatically saved on shutdown, you can install it by running the below commands:

Secure your Ubuntu Server from Flood and Other Attacks Using IPTables and WonderShaper

The following commands use IPTables to prevent common flooding and other miscellaneous malicious attacks. These commands can prevent a Linux server from lagging and spending resources on malformed packets. Some of these attacks can result in a DDoS, so it is best to use these filters and rules. Use at your own risk. A detailed explanation can be found here.

Limiting download and upload speeds globally does not make a server any more secure than before. However, it can alleviate network lag, which in my opinion helps ensure availability and thereby enhances security. In Ubuntu, it's easy to limit the max download and upload speed that can be used on an interface. It wasn't always this easy, but thanks to a tool called wondershaper, you don't have to worry about any of the complexities. To install, run the following command:

sudo apt-get install wondershaper

Now, we need to tell wondershaper to start limiting our max download and upload rate on our particular interface. To see a list of interfaces, type the following command:

ifconfig

To determine what your max download and max upload speed should be, use SpeedTest to run a couple of bandwidth tests using your connection. With your results, convert the speeds from Mbps to kilobits per second. Use this bandwidth calculator / converter to help you out. Then, I'd subtract 20-30% of each value, as you want to leave some room below your max speed so that bandwidth will still be available to other computers / nodes on the network.

Once you have your speeds, start wondershaper (modifying the example below to fit your needs):

Make sure you change your max download and upload speed in both of the examples. Settings will now apply when the computer boots into Linux.

Exclude LAN from Speed Limits

WonderShaper does not differentiate between LAN traffic and external traffic by default. To prevent WonderShaper from limiting LAN network download and upload speeds, install this updated WonderShaper script:

Open a terminal, change to the peerguardian source directory, and run the configure file to generate the makefile.

./configure --sysconfdir=/etc

If you get an error that looks like this:

checking for ZLIB... configure: error: Package requirements (zlib) were not met:
No package 'zlib' found
Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.
Alternatively, you may set the environment variables ZLIB_CFLAGS
and ZLIB_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.

To do this, just change to the directory of the extracted zlib folder and run:

./configure
sudo make
sudo make install

Now, go back to the peerguardian source directory, and re-run ./configure

You will not receive this error anymore. Why does this happen in the first place? Installing zlib1g-dev should have been enough to satisfy this requirement, but for some reason it sometimes doesn't work, which could be a bug.

Errors Post Installation:

BELOW ISSUE (BOTH Bricking your System and Resolv.conf Issue) APPEARS TO HAVE BEEN FIXED IN MAY of 2013. I'm going to leave this here, though, in case someone needs it.

As of 3/17/13, I've noticed that installing Peerguardian Linux from the latest SourceForge source causes a number of serious problems that could brick your Linux install. You must run the following commands after "make install" is completed to avoid running into problems.

If your gksudo or sudo commands no longer work after installing because of a "Unable to copy the user's .Xauthorization file" error message, your .Xauthority file may no longer exist. To fix this issue, run the following commands: